Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

openSUSE: 2022:0087-1 Important Icingaweb2 Critical Issue

opensuse
Calendar Grey March 21, 2022
Dist Opensuse Esm H88
New patch released for icingaweb2, addressing multiple critical security vulnerabilities recognized by various CVEs.
An update that fixes two vulnerabilities is now available

Description

This update for icingaweb2 fixes the following issues:

icingaweb2 was updated to 2.8.6

This is a security release.

* Security Fixes

- CVE-2022-24715: SSH resources allow arbitrary code execution for

authenticated users (GHSA-v9mv-h52f-7g63 boo#1196911)

- CVE-2022-24714: Unwanted disclosure of hosts and related data, linked to

decommissioned services (GHSA-qcmg-vr56-x9wf boo#1196913)

Topics%20covered

Topics Covered

security advisory critical issue code execution security fix important update openSUSE Icingaweb2

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2022-87=1

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):

icingacli-2.8.6-15.1

icingaweb2-2.8.6-15.1

icingaweb2-common-2.8.6-15.1

icingaweb2-vendor-HTMLPurifier-2.8.6-15.1

icingaweb2-vendor-JShrink-2.8.6-15.1

icingaweb2-vendor-Parsedown-2.8.6-15.1

icingaweb2-vendor-dompdf-2.8.6-15.1

icingaweb2-vendor-lessphp-2.8.6-15.1

icingaweb2-vendor-zf1-2.8.6-15.1

php-Icinga-2.8.6-15.1

References

https://www.suse.com/security/cve/CVE-2022-24714.html

https://www.suse.com/security/cve/CVE-2022-24715.html

https://bugzilla.suse.com/1196911

https://bugzilla.suse.com/1196913

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2022:0087-1
Rating: important
Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Package Hub for SUSE Linux Enterprise 12 .

Topics%20covered

Topics Covered

security advisory critical issue code execution security fix important update openSUSE Icingaweb2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here